AZ-204 Developing Solutions for Microsoft Azure - Practice Questions - Post 40

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization.

Solution:
- Create a new Azure AD application. In the application's manifest, set the value of the groupMembershipClaims option to All.
- In the website, use the value of the groups claim from the JWT for the user to determine permissions.

Does the solution meet the goal?

Page: Page 46

Option A: Yes

Option B: No

Answer(s):

Explanation:



2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization.

Solution:
- Create a new Azure AD application. In the application's manifest, define application roles that match the required permission levels for the application.
- Assign the appropriate Azure AD group to each role. In the website, use the value of the roles claim from the JWT for the user to determine permissions.

Does the solution meet the goal?

Page: Page 46

Option A: Yes

Option B: No

Answer(s):

Explanation:



3. DRAG DROP (Drag and Drop is not supported) You are developing an application to securely transfer data between on-premises file systems and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault. The application uses the Azure Key Vault APIs. The application must allow recovery of an accidental deletion of the key vault or key vault objects. Key vault objects must be retained for 90 days after deletion. You need to protect the key vault and key vault objects. Which Azure Key Vault feature should you use? To answer, drag the appropriate features to the correct actions. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:

Page: Page 46

Option A: See Explanation section for answer.

Answer(s):

Explanation:



4. You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS). Every request to the backend service must include a valid HTTP authorization header. You need to configure the Azure API Management instance with an authentication policy. Which two policies can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Page: Page 46

Option A: Basic Authentication

Option B: Digest Authentication

Option C: Certificate Authentication

Option D: OAuth Client Credential Grant

Answer(s):

Explanation: Not available



5. DRAG DROP (Drag and Drop is not supported) You are developing an ASP.NET Core website that can be used to manage photographs which are stored in Azure Blob Storage containers. Users of the website authenticate by using their Azure Active Directory (Azure AD) credentials. You implement role-based access control (RBAC) role permissions on the containers that store photographs. You assign users to RBAC roles. You need to configure the website's Azure AD Application so that user's permissions can be used with the Azure Blob containers. How should you configure the application? To answer, drag the appropriate setting to the correct location. Each setting can be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:

Page: Page 47

Option A: See Explanation section for answer.

Answer(s):

Explanation:



6. HOTSPOT (Drag and Drop is not supported) You are developing an ASP.NET Core app that includes feature flags which are managed by Azure App Configuration. You create an Azure App Configuration store named AppFeatureFlagStore that contains a feature flag named Export. You need to update the app to meet the following requirements:
- Use the Export feature in the app without requiring a restart of the app.
- Validate users before users are allowed access to secure resources.
- Permit users to access secure resources.

How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

Page: Page 47

Option A: See Explanation section for answer.

Answer(s):

Explanation:



7. You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault. Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized. You need to design the approach to loading application secrets. What should you do?

Page: Page 47

Option A: Create a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity.

Option B: Create a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault.

Option C: Create a system assigned Managed Identity in each App Service with permission to access Key Vault.

Option D: Create an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault.

Answer(s):

Explanation:



8. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements.

Solution:
1. Create an Azure Key Vault key named skey.
2. Encrypt the intake forms using the public key portion of skey.
3. Store the encrypted data in Azure Blob storage.

Does the solution meet the goal?

Page: Page 47

Option A: Yes

Option B: No

Answer(s):

Explanation: Not available



9. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements.

Solution:
1. Create an Azure Cosmos DB database with Storage Service Encryption enabled.
2. Store the intake forms in the Azure Cosmos DB database.

Does the solution meet the goal?

Page: Page 48

Option A: Yes

Option B: No

Answer(s):

Explanation:



10. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements. Solution: Store the intake forms as Azure Key Vault secrets. Does the solution meet the goal?

Page: Page 48

Option A: Yes

Option B: No

Answer(s):

Explanation:



11. HOTSPOT (Drag and Drop is not supported) You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure. The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements. You need to configure Azure Disk Encryption for the VM. How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

Page: Page 48

Option A: See Explanation section for answer.

Answer(s):

Explanation:



12. Your company is developing an Azure API hosted in Azure. You need to implement authentication for the Azure API to access other Azure resources. You have the following requirements:
- All API calls must be authenticated.
- Callers to the API must not send credentials to the API.

Which authentication mechanism should you use?

Page: Page 48

Option A: Basic

Option B: Anonymous

Option C: Managed identity

Option D: Client certificate

Answer(s):

Explanation:



13. DRAG DROP (Drag and Drop is not supported) You are developing an application. You have an Azure user account that has access to two subscriptions. You need to retrieve a storage account key secret from Azure Key Vault. In which order should you arrange the PowerShell commands to develop the solution? To answer, move all commands from the list of commands to the answer area and arrange them in the correct order. Select and Place:

Page: Page 49

Option A: See Explanation section for answer.

Answer(s):

Explanation:



14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Use an X.509 certificate to authenticate the VM with Azure Resource Manager. Does the solution meet the goal?

Page: Page 49

Option A: Yes

Option B: No

Answer(s):

Explanation:



15. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Use the Reader role-based access control (RBAC) role to authenticate the VM with Azure Resource Manager. Does the solution meet the goal?

Page: Page 49

Option A: Yes

Option B: No

Answer(s):

Explanation:



16. HOTSPOT (Drag and Drop is not supported) You are building a website that is used to review restaurants. The website will use an Azure CDN to improve performance and add functionality to requests. You build and deploy a mobile app for Apple iPhones. Whenever a user accesses the website from an iPhone, the user must be redirected to the app store. You need to implement an Azure CDN rule that ensures that iPhone users are redirected to the app store. How should you complete the Azure Resource Manager template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

Page: Page 49

Option A: See Explanation section for answer.

Answer(s):

Explanation:



17. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization.

Solution:
- Configure and use Integrated Windows Authentication in the website.
- In the website, query Microsoft Graph API to load the groups to which the user is a member.

Does the solution meet the goal?

Page: Page 50

Option A: Yes

Option B: No

Answer(s):

Explanation:



18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint. Does the solution meet the goal?

Page: Page 50

Option A: Yes

Option B: No

Answer(s):

Explanation:



19. HOTSPOT (Drag and Drop is not supported) You are building a website to access project data related to teams within your organization. The website does not allow anonymous access. Authentication is performed using an Azure Active Directory (Azure AD) app named internal. The website has the following authentication requirements:
- Azure AD users must be able to log in to the website.
- Personalization of the website must be based on membership in Active Directory groups.

You need to configure the application's manifest to meet the authentication requirements. How should you configure the manifest? To answer, select the appropriate configuration in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

Page: Page 50

Option A: See Explanation section for answer.

Answer(s):

Explanation:



20. You develop an app that allows users to upload photos and videos to Azure storage. The app uses a storage REST API call to upload the media to a blob storage account named Account1. You have blob storage containers named Container1 and Container2. Uploading of videos occurs on an irregular basis. You need to copy specific blobs from Container1 to Container2 when a new video is uploaded. What should you do?

Page: Page 50

Option A: Copy blobs to Container2 by using the Put Blob operation of the Blob Service REST API

Option B: Create an Event Grid topic that uses the Start-AzureStorageBlobCopy cmdlet

Option C: Use AzCopy with the Snapshot switch to copy blobs to Container2

Option D: Download the blob to a virtual machine and then upload the blob to Container2

Answer(s):

Explanation:



21. You are developing an ASP.NET Core website that uses Azure FrontDoor. The website is used to build custom weather data sets for researchers. Data sets are downloaded by users as Comma Separated Value (CSV) files. The data is refreshed every 10 hours. Specific files must be purged from the FrontDoor cache based upon Response Header values. You need to purge individual assets from the Front Door cache. Which type of cache purge should you use?

Page: Page 51

Option A: single path

Option B: wildcard

Option C: root domain

Answer(s):

Explanation:



22. Your company is developing an Azure API. You need to implement authentication for the Azure API. You have the following requirements:
- All API calls must be secure.
- Callers to the API must not send credentials to the API.

Which authentication mechanism should you use?

Page: Page 51

Option A: Basic

Option B: Anonymous

Option C: Managed identity

Option D: Client certificate

Answer(s):

Explanation:



23. You are a developer for a SaaS company that offers many web services. All web services for the company must meet the following requirements:
- Use API Management to access the services
- Use OpenID Connect for authentication
- Prevent anonymous usage

A recent security audit found that several web services can be called without any authentication. Which API Management policy should you implement?

Page: Page 51

Option A: jsonp

Option B: authentication-certificate

Option C: check-header

Option D: validate-jwt

Answer(s):

Explanation:



24. DRAG DROP (Drag and Drop is not supported) Contoso, Ltd. provides an API to customers by using Azure API Management (APIM). The API authorizes users with a JWT token. You must implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID. You need to add the following policies to the policies file:
- a set-variable policy to store the detected user identity
- a cache-lookup-value policy
- a cache-store-value policy
- a find-and-replace policy to update the response body with the user profile information

To which policy section should you add the policies? To answer, drag the appropriate sections to the correct policies. Each section may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:

Page: Page 51

Option A: See Explanation section for answer.

Answer(s):

Explanation:



25. DRAG DROP (Drag and Drop is not supported) You are developing an Azure solution. You need to develop code to access a secret stored in Azure Key Vault. How should you complete the code segment? To answer, drag the appropriate code segments to the correct location. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:

Page: Page 52

Option A: See Explanation section for answer.

Answer(s):

Explanation:



26. You are developing an Azure App Service REST API. The API must be called by an Azure App Service web app. The API must retrieve and update user profile information stored in Azure Active Directory (Azure AD). You need to configure the API to make the updates. Which two tools should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Page: Page 52

Option A: Microsoft Graph API

Option B: Microsoft Authentication Library (MSAL)

Option C: Azure API Management

Option D: Microsoft Azure Security Center

Answer(s):

Explanation:



27. You develop a REST API. You implement a user delegation SAS token to communicate with Azure Blob storage. The token is compromised. You need to revoke the token. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Page: Page 52

Option A: Revoke the delegation key.

Option B: Delete the stored access policy.

Option C: Regenerate the account key.

Option D: Remove the role assignment for the security principal.

Answer(s):

Explanation:



28. DRAG DROP (Drag and Drop is not supported) You are developing an Azure-hosted application that must use an on-premises hardware security module (HSM) key. The key must be transferred to your existing Azure Key Vault by using the Bring Your Own Key (BYOK) process. You need to securely transfer the key to Azure Key Vault. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:

Page: Page 52

Option A: See Explanation section for answer.

Answer(s):

Explanation:



29. You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPI (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD). The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted. You need to secure the Azure Logic app. What should you do?

Page: Page 53

Option A: Create a user-assigned managed identity and assign role-based access controls.

Option B: Create an Azure AD custom role and assign the role to the Azure Blob storage account.

Option C: Create an Azure Key Vault and issue a client certificate.

Option D: Create a system-assigned managed identity and issue a client certificate.

Answer(s):

Explanation:



30. HOTSPOT (Drag and Drop is not supported) You are developing an application that uses a premium block blob storage account. You are optimizing costs by automating Azure Blob Storage access tiers. You apply the following policy rules to the storage account. You must determine the implications of applying the rules to the data. (Line numbers are included for reference only.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:

Page: Page 53

Option A: See Explanation section for answer.

Answer(s):

Explanation:


